Troubleshooting method for preventing sensitive information from being leaked

Document No.: 1478674. Publication date: 2020-02-25.

Reading note: this technology, "Troubleshooting method for preventing sensitive information from being leaked", was designed by Han Min (韩敏), Cao Aiyi (曹爱艺), Li Yonggang (李永刚) and An Wanping (安万平) on 2019-09-25. Main content: The invention provides a troubleshooting method for preventing sensitive information from being leaked, comprising the following steps: establishing a database in which a plurality of keywords are stored; performing a check: monitoring the source code information, file information, sensitive data and transmission data of a network data platform; traversing the source code information, file information, sensitive data and transmission data, extracting the words in them that match the keywords, and consolidating those words into an analysis file; and locating, for the keywords in the analysis file, the corresponding number of occurrences, leaked information, leak source, leak destination and number of leaks, and consolidating these into a leak report. The method is a crawler-based source code leakage monitoring method with a clear purpose: it monitors files on sites such as the Internet's major data hosting platforms, network disks and document libraries, uses keywords to check for possible information leakage, and, when a leak occurs, promptly locates data such as the leaked information and the leak source, reducing loss as far as possible.

1. A troubleshooting method for preventing sensitive information from being leaked, characterized by comprising the following steps:

establishing a database, wherein a plurality of keywords are stored in the database;

performing a check: monitoring source code information, file information, sensitive data and transmission data of a network data platform; traversing the source code information, the file information, the sensitive data and the transmission data, extracting the words in them that match the keywords, and consolidating those words into an analysis file; and locating, for the keywords in the analysis file, the corresponding number of occurrences, leaked information, leak source, leak destination and number of leaks, and consolidating these into a leak report.

2. The troubleshooting method for preventing sensitive information from being leaked according to claim 1, further comprising the steps of:

providing a keyword management interface, and adding, deleting, querying or modifying the keywords in the database after external input is obtained.

3. The troubleshooting method for preventing sensitive information from being leaked according to claim 2, further comprising the steps of:

providing a task management interface, and setting up, starting, pausing, modifying or stopping the check after external input is obtained.

4. The troubleshooting method for preventing sensitive information from being leaked according to claim 3, further comprising the steps of:

providing a troubleshooting result interface, wherein the troubleshooting result interface displays the leakage report.

5. The troubleshooting method for preventing sensitive information from being leaked according to claim 4, further comprising the steps of:

establishing a classification table, wherein the query condition of the classification table is one label or the combination of a plurality of labels, and the query result of the classification table is one keyword or the combination of a plurality of keywords;

setting at least one label for each network data platform; and looking up the classification table by the labels of the network data platform, and using the lookup result as the keywords for checking that network data platform.

Technical Field

The invention relates to the technical field of network information security, in particular to a troubleshooting method for preventing sensitive information from being leaked.

Background

As times change, the security landscape is changing too. The focus has moved from traditional communication security, to anti-virus, to border security, and now to data and content security. In the intelligent era, data security has become a focus. Over the recent period, several significant information security incidents have occurred: the source code leakage of Aliyun involved more than 200 projects of 40 enterprises such as Wanke; the vulnerability reporting mailbox of the Xinjiang received an overseas e-mail from a security researcher, Kevin Finasterr, who said he had found, on the GitHub code-sharing community, a link containing important sensitive information such as the Xinjiang source code; Facebook announced that a data leakage event on September 25 affected at least 50 million accounts, after hackers attacked the Facebook system and a large amount of private information was exposed.

Leaks of important data such as source code occur even at leading enterprises in the network information field, and the information security of users still has serious problems.

Disclosure of Invention

The technical problem to be solved by the invention is as follows: in view of the information leakage risk that existing network data platforms face, the invention provides a troubleshooting method for preventing sensitive information from being leaked. It performs customized checking and analysis of sites such as the Internet's major data hosting platforms, network disks and document libraries, promptly locates the leaked information, the leak source and other details, and reduces loss as far as possible.

The technical scheme adopted by the invention for solving the technical problems is as follows: a troubleshooting method for preventing sensitive information from being leaked comprises the following steps:

establishing a database, wherein a plurality of keywords are stored in the database;

performing a check: monitoring source code information, file information, sensitive data and transmission data of a network data platform; traversing the source code information, the file information, the sensitive data and the transmission data, extracting the words in them that match the keywords, and consolidating those words into an analysis file; and locating, for the keywords in the analysis file, the corresponding number of occurrences, leaked information, leak source, leak destination and number of leaks, and consolidating these into a leak report.

Preferably, the method further comprises the following steps:

providing a keyword management interface, and adding, deleting, querying or modifying the keywords in the database after external input is obtained.

Preferably, the method further comprises the following steps:

providing a task management interface, and setting up, starting, pausing, modifying or stopping the check after external input is obtained.

Preferably, the method further comprises the following steps:

providing a troubleshooting result interface, wherein the troubleshooting result interface displays the leakage report.

Preferably, the method further comprises the following steps:

establishing a classification table, wherein the query condition of the classification table is one label or the combination of a plurality of labels, and the query result of the classification table is one keyword or the combination of a plurality of keywords;

setting at least one label for each network data platform; and looking up the classification table by the labels of the network data platform, and using the lookup result as the keywords for checking that network data platform.

The beneficial effect of this troubleshooting method is that it is a crawler-based source code leakage monitoring method with a clear purpose: it monitors files on sites such as the Internet's major data hosting platforms, network disks and document libraries, uses keywords to check for possible information leakage, and, when a leak occurs, promptly locates data such as the leaked information and the leak source, reducing loss as far as possible.

Drawings

The invention is further illustrated with reference to the following figures and examples.

Fig. 1 is a flowchart of a checking method for preventing sensitive information from being leaked according to the present invention.

Detailed Description

Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the accompanying drawings are illustrative only for the purpose of explaining the present invention, and are not to be construed as limiting the present invention.

In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "length", "width", "thickness", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", "axial", "radial", "circumferential", and the like, indicate orientations and positional relationships based on the orientations and positional relationships shown in the drawings, and are used merely for convenience of description and for simplicity of description, and do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and therefore, should not be considered as limiting the present invention.

Furthermore, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. In the description of the present invention, it is to be noted that, unless otherwise explicitly specified or limited, the terms "connected" and "connected" are to be interpreted broadly, e.g., as being fixed or detachable or integrally connected; can be mechanically or electrically connected; may be directly connected or indirectly connected through an intermediate. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art. In addition, in the description of the present invention, "a plurality" means two or more unless otherwise specified.

Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.

As shown in Fig. 1, the present invention provides a troubleshooting method for preventing sensitive information from being leaked, which is executed by a program on a portable device, including but not limited to a notebook computer, a smart phone or a tablet computer. The architecture of the program on the portable device comprises a user interaction layer, a data analysis layer, a data collection layer and a data source layer. In the data source layer, network IP addresses are allocated and network configuration parameters are tuned for the different network data platforms, such as Baidu libraries, Baidu cloud disks, Neil mailboxes, Aliskiu, GitHub, Facebook and the like.

A database is established to store the keywords. The user interaction layer shows a keyword management interface on the display, through which keywords in the database are added, deleted, queried or modified using an input device.

At the data collection layer, text files such as Word and PDF documents on the network data platform are checked: the source code information, file information, sensitive data and transmission data in the network text files are monitored and traversed, the words in them that match the keywords are extracted, and those words are consolidated into an analysis file.

At the data analysis layer, the keywords in the analysis file are analyzed by statistical, correlation, linear and other methods; the number of occurrences, leaked information, leak source, leak destination and number of leaks corresponding to each keyword in the analysis file are located and consolidated into a leak report. The user interaction layer provides a troubleshooting result interface on the display, on which the leak report is shown. On seeing the leak report, the user can deal with the leaked information promptly, which prevents the leak from spreading further and reduces loss.
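The collection and analysis steps above can be sketched as follows. This is an added example, not code from the patent; the record fields are assumptions, with `publisher` standing in for the leak source and `url` for the leak destination, and all sample data is constructed.

```python
import re
from collections import defaultdict

# Constructed crawl results. Field names are assumptions of this sketch:
# "publisher" stands in for the leak source, "url" for the leak destination.
CRAWLED = [
    {"url": "https://code-host.example/u1/app/config.py", "publisher": "u1",
     "text": "DB_HOST = 'db.corp.example'\nAPI_KEY = 'acme-internal-key'\n"},
    {"url": "https://doc-share.example/d/42", "publisher": "u2",
     "text": "ACME-INTERNAL deployment notes\nsee db.corp.example\n"},
    {"url": "https://code-host.example/u3/notes.md", "publisher": "u3",
     "text": "dbxcorpxexample is unrelated\n"},
]

def build_leak_report(keywords, items):
    """Traverse crawled items and aggregate the hits for each keyword."""
    # re.escape keeps '.' in a keyword literal, so look-alike text is not a hit.
    patterns = {k: re.compile(re.escape(k), re.IGNORECASE) for k in keywords}
    report = defaultdict(lambda: {"occurrences": 0, "leak_count": 0,
                                  "leaked_lines": [], "sources": set(),
                                  "destinations": set()})
    for item in items:
        for kw, pat in patterns.items():
            found = False
            for n, line in enumerate(item["text"].splitlines(), 1):
                count = len(pat.findall(line))
                if count:
                    found = True
                    report[kw]["occurrences"] += count
                    report[kw]["leaked_lines"].append(
                        f"{item['url']}:{n}: {line.strip()}")
            if found:  # one leak per item that contains the keyword
                report[kw]["leak_count"] += 1
                report[kw]["sources"].add(item["publisher"])
                report[kw]["destinations"].add(item["url"])
    return dict(report)

if __name__ == "__main__":
    result = build_leak_report(["acme-internal", "db.corp.example"], CRAWLED)
    for kw, entry in result.items():
        print(kw, entry["occurrences"], entry["leak_count"],
              sorted(entry["destinations"]))
```

Because `leaked_lines` holds the matched text itself, a report built this way is as sensitive as the leak it describes and should be stored and displayed accordingly.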

The user interaction layer provides a task management interface on the display; the user operates on this interface, and the check is set up, started, paused, modified or stopped once the external input is obtained.

Network data platforms are of many types and store different data, but platforms of the same type hold similar kinds of data. A classification table can therefore be established, in which the query condition is one label or a combination of several labels, and the query result is one keyword or a combination of several keywords.

At the user interaction layer, the user can set at least one label for each network data platform; the classification table is looked up by the labels of the network data platform, and the lookup result is used as the keywords for checking that platform. As a result, when a user needs to check a new platform, setting a few labels according to the platform's type is enough to obtain a rich and accurate set of keywords, and the user does not need to assign keywords to the new platform one by one.
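One way to implement the classification table lookup described above, as an added example that is not part of the patent. It assumes a table entry applies when all of its labels are set on the platform and that the keywords of all applicable entries are combined; the labels, keywords and platform names are constructed.

```python
# Constructed classification table: label combination -> keywords.
CLASSIFICATION_TABLE = {
    frozenset({"code-hosting"}): {"BEGIN RSA PRIVATE KEY", "corp.example"},
    frozenset({"document-library"}): {"internal use only"},
    frozenset({"code-hosting", "public"}): {"jdbc:mysql://"},
    frozenset({"cloud-disk", "document-library"}): {"payroll"},
}

def keywords_for(platform_labels, table=CLASSIFICATION_TABLE):
    """Union of the keywords of every entry whose labels the platform carries."""
    labels = frozenset(platform_labels)
    if not labels:
        raise ValueError("each platform needs at least one label")
    selected = set()
    for condition, keywords in table.items():
        # Assumption: a combined condition applies only if ALL its labels are set.
        if condition <= labels:
            selected |= keywords
    return selected

def plan_checks(platforms, table=CLASSIFICATION_TABLE):
    """Return (plan, unmatched): keywords per platform, plus platforms whose
    labels select nothing and would otherwise go unchecked without notice."""
    plan, unmatched = {}, []
    for name, labels in platforms.items():
        keywords = keywords_for(labels, table)
        if keywords:
            plan[name] = sorted(keywords)
        else:
            unmatched.append(name)
    return plan, sorted(unmatched)

if __name__ == "__main__":
    # Constructed platforms and labels.
    platforms = {
        "new-code-site": ["code-hosting", "public"],
        "wiki": ["document-library"],
        "forum": ["social"],
    }
    plan, unmatched = plan_checks(platforms)
    print(plan)
    print("no keywords selected for:", unmatched)
```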

In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, a schematic representation of the term does not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.

In light of the foregoing description of the preferred embodiment of the present invention, many modifications and variations will be apparent to those skilled in the art without departing from the spirit and scope of the invention. The technical scope of the present invention is not limited to the content of the specification, and must be determined according to the scope of the claims.
